Remove W32.Mydoom.V@mm Using instuctions belowW32.Mydoom.V@mm is classified as computer worm. As any other worm W32.Mydoom.V@mm is self-copying and replicating threat and it gets to your PC through local or global network. And the you will get the most imact on your network and internet connection. Worms are not easy to remove and we advise you to download WiperSoft Antispyware Malware Remediation Tool or ask our specialists for help. Otherwise use this manual guide to remove W32.Mydoom.V@mmFor our customers who own one of our products we provide FREE help in removing W32.Mydoom.V@mm redeeming problems connected with W32.Mydoom.V@mm in case our software didn't help!If you are customer and W32.Mydoom.V@mm Removal Tool can't detect the problem - fill in the form below. Our support staff will contact you in several minutes and give a step-by-step guide on how to get rid of W32.Mydoom.V@mm. In complex cases specialist will connect your PC and remove threat manually. Mention that we guarantee removal of W32.Mydoom.V@mm.
Try to describe your problem step-by-step. Attach suspicious files:We'll contact you back in several minutes after you click on this button. We guarantee individual solution !
It is important:
 Threat's description and solution are developed by Security Stronghold security team. If you want to learn more about the W32.Mydoom.V@mm use links below :
Technical details of the threatName of the threat: Command or file name: Threat type: Affected OS: W32.Mydoom.V@mm Cnfgldr.exe Worm Win32 (Windows 9x, Windows XP, Windows Vista, Windows 7, Windows 8) W32.Mydoom.V@mm gets on a PC through fraud of the consumer or through operating of applications fragilities, so, you need to remove W32.Mydoom.V@mm fast as can. Customary, W32.Mydoom.V@mm wormy computer does not give the contagion to other machines. But this doesn't compel W32.Mydoom.V@mm less malicious than viruses and its absolute necessity to remove W32.Mydoom.V@mm less urgent. Some users contact help to perfect W32.Mydoom.V@mm removal or install W32.Mydoom.V@mm removal tools or even gain new computers. W32.Mydoom.V@mm is hardly alone on wormy machine that defines necessity to remove W32.Mydoom.V@mm and other sorts of malicious programs. Other W32.Mydoom.V@mm sources treat rootkit approachs to preclude detection and W32.Mydoom.V@mm removal by W32.Mydoom.V@mm removal tools. In Windows Vista the problem with W32.Mydoom.V@mm removal or W32.Mydoom.V@mm removal tool installation was tried to be spared by default reduced consumer privileges. How W32.Mydoom.V@mm infected your PC?W32.Mydoom.V@mm copies its file(s) to your hard drive. Its typical file name is Cnfgldr.exe (if it is not using random names for executable files). Then it records in startup key with name W32.Mydoom.V@mm and value Cnfgldr.exe. You can also find it in your processes list with name Cnfgldr.exe or W32.Mydoom.V@mm. Usually W32.Mydoom.V@mm influences your internet or network connection. If you have any additional questions about W32.Mydoom.V@mm, please ask them in the form above and we'll contact you as soon as possible. Download Wipersoft AntispywareDownload this advanced removal tool and solve problems with W32.Mydoom.V@mm and Cnfgldr.exe (download of fix will start immediately): Download WiperSoft Antispyware to remove W32.Mydoom.V@mm* WiperSoft Antispyware was developed to remove threats like W32.Mydoom.V@mm in automatic mode. Remover has active module to protect PC from hijackers, trojans, ransomware and other viruses. Trial version of Wipersoft provides detection of computer viruses for FREE. To remove malware, you have to purchase the full version of Wipersoft. Features of WiperSoft Antispyware
Download Spyhunter Remediation Tool by Enigma SoftwareDownload antimalware designed specifically to remove threats like W32.Mydoom.V@mm and Cnfgldr.exe (download of fix will start immediately): Download AntiMalware to remove W32.Mydoom.V@mmFeatures of Spyhunter Remediation Tool
Manual SolutionHow to delete W32.Mydoom.V@mm files, folders, and registry keys?Manually deleting registry keys folder and files belonging to W32.Mydoom.V@mm usually helps to get rid of it but to be sure you need to remove malicious process from startup and unregistering all corresponding DLLs as W32.Mydoom.V@mm can restore itself. Missing DLL's corrupted by W32.Mydoom.V@mm can be replaced by original from you Windows CD. To remove W32.Mydoom.V@mm once and forever, you need: 1. Prevent the following processes from running and delete the appropriate files:
Warning: you should delete only files located in mentioned folders and exactly with the names that are listed. Sometimes there may be valid files with the same names in your system. We recommend you to use WiperSoft Antispyware Malware Remediation Tool that provides safe problem solution. **Trial version of Wipersoft provides detection of computer viruses for FREE. To remove malware, you have to purchase the full version of Wipersoft. 2. Remove the following malicious folders:
3. Remove the following malicious registry entries and\or values using Registry Editor:
Here are the descriptions of problems connected with W32.Mydoom.V@mm and Cnfgldr.exe we received earlier:Problem Summary: MyDoom Virus Problem I have executed the file ComboFix. The exe generated a txt log file as shown below. Please provide a resolution. Problem was successfully solved. Ticket was closed. Problem Summary: i want to clean this trojan hi Problem was successfully solved. Ticket was closed. Problem Summary: I can't open my drives by double clicking them I have a problem with my windows XP when I want to open my drives by double clicking them a command promt windows appear with title of my drive name + " :\pic.exe " and then it close immediatly. I have reinstalled my Windows 3 times but no change appeared. Problem was successfully solved. Ticket was closed. Problem Summary: fixmydoom.exe won't run Tell me I do not have administrator level privledges, but I do, Problem was successfully solved. Ticket was closed. Problem Summary: pic.exe can not open drive of widows Problem was successfully solved. Ticket was closed. Problem Summary: win32s.exe this file was infect to my computer and flash disk and i don'n remove it. thank you... Problem was successfully solved. Ticket was closed. |
Copyright © 2024 Security Stronghold. All Rights Reserved. All content on this website is protected and belongs to Security Stronghold LLC.
Problem Summary: MyDoom Virus Problem
I have executed the file ComboFix. The exe generated a txt log file as shown below. Please provide a resolution.
ComboFix 09-03-10.03 - comp3 2009-03-12 20:46:07.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2037.1482 [GMT 5.5:30]
Running from: c:\documents and settings\comp3\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090311-1] *On-access scanning disabled* (Updated)
AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated)
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\AutoRun.inf
c:\windows\system32\Cache
c:\windows\system32\drivers\ati6hjxx.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ATI6HJXX
-------\Legacy_icf
-------\Legacy_TCPSR
-------\Service_ati6hjxx
-------\Service_tcpsr
((((((((((((((((((((((((( Files Created from 2009-02-12 to 2009-03-12 )))))))))))))))))))))))))))))))
.
2009-03-12 19:37 . 2009-03-12 19:35 297,088 --a------ C:\FxMydoom.exe
2009-03-12 19:15 . 2009-03-12 19:15 d-------- c:\program files\CCleaner
2009-03-12 19:12 . 2009-02-21 07:36 3,171,208 --a------ C:\ccsetup216.exe
2009-03-12 19:00 . 2009-03-12 19:00 d-------- c:\documents and settings\comp3\Application Data\TeamViewer
2009-03-12 18:59 . 2009-03-12 18:59 d-------- c:\documents and settings\comp3\temp
2009-03-12 17:07 . 2009-03-12 17:07 d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-03-12 17:06 . 2009-03-12 17:06 d-------- c:\documents and settings\comp3\Application Data\Simply Super Software
2009-03-12 17:06 . 2003-02-02 20:06 153,088 --a------ c:\windows\system32\UNRAR3.dll
2009-03-12 17:06 . 2002-03-06 01:00 75,264 --a------ c:\windows\system32\unacev2.dll
2009-03-12 16:54 . 2009-03-12 16:54 d-------- c:\program files\Alwil Software
2009-03-12 11:46 . 2009-03-12 11:46 d-------- c:\documents and settings\comp3\Application Data\Malwarebytes
2009-03-12 11:46 . 2009-03-12 11:46 d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-12 10:32 . 2009-03-12 20:51 96,110 --a------ c:\windows\system32\drivers\2262f094.sys
2009-03-12 10:32 . 2009-03-12 10:32 33,280 --a------ c:\documents and settings\All Users\lhigp.dll
2009-03-11 17:46 . 2009-03-11 21:16 99,950 --a------ c:\windows\system32\drivers\87f5a810.sys
2009-03-11 17:45 . 2009-03-11 17:45 33,280 --a------ c:\windows\system32\acnjup.dll
2009-03-11 17:25 . 2009-03-11 17:25 33,280 --a------ c:\documents and settings\comp3\bnvuskwj.dll
2009-03-11 17:24 . 2009-03-11 17:24 33,280 --a------ c:\documents and settings\All Users\jkso.dll
2009-03-11 17:23 . 2009-03-11 17:42 99,950 --a------ c:\windows\system32\drivers\24f8dff7.sys
2009-03-11 15:21 . 2009-03-11 15:21 d-------- c:\program files\MSDN
2009-03-11 15:09 . 2009-03-11 15:09 d-------- c:\program files\Microsoft Device Emulator
2009-03-11 15:09 . 2009-03-11 15:09 d-------- c:\program files\Business Objects
2009-03-11 15:08 . 2009-03-11 15:08 d-------- c:\program files\Windows Mobile 5.0 SDK R2
2009-03-11 15:01 . 2009-03-11 15:01 d-------- c:\documents and settings\All Users\Application Data\PreEmptive Solutions
2009-03-11 14:56 . 2009-03-11 14:56 d-------- c:\windows\symbols
2009-03-11 14:54 . 2009-03-11 14:54 d-------- c:\program files\Microsoft SDKs
2009-03-11 14:54 . 2009-03-11 14:57 d-------- c:\program files\HTML Help Workshop
2009-03-11 14:54 . 2009-03-11 15:01 d-------- c:\program files\Common Files\Merge Modules
2009-03-11 14:54 . 2009-03-11 14:54 d-------- c:\program files\CE Remote Tools
2009-03-11 14:52 . 2009-03-11 14:52 d-------- c:\windows\system32\XPSViewer
2009-03-11 14:51 . 2009-03-11 14:51 d-------- c:\program files\Reference Assemblies
2009-03-11 14:48 . 2009-03-11 14:48 d-------- c:\program files\MSXML 6.0
2009-03-11 13:31 . 2009-03-11 13:31 d-------- c:\program files\MagicISO
2009-03-11 13:16 . 2009-03-11 14:52 d-------- c:\program files\MSBuild
2009-03-11 11:00 . 2009-03-11 11:00 247,656 --a------ c:\windows\system32\ht8x4.exe
2009-03-10 20:19 . 2009-03-10 20:40 d-------- c:\windows\SxsCaPendDel
2009-03-10 17:45 . 2009-03-12 19:48 d-------- c:\documents and settings\comp3\Application Data\nidle
2009-03-10 17:38 . 2009-03-10 17:38 d---s---- c:\documents and settings\comp3\UserData
2009-03-10 17:31 . 2009-03-10 17:31 d-------- c:\windows\IIS Temporary Compressed Files
2009-03-10 12:26 . 2009-03-10 12:26 0 -rahs---- C:\kht
2009-03-10 12:22 . 2009-03-10 12:25 1,517 -rahs---- c:\windows\system32\autorun.in
2009-03-10 12:22 . 2009-03-10 12:25 1,470 -rahs---- c:\windows\system32\autorun.i
2009-03-09 21:43 . 2009-03-11 18:29 d-------- c:\program files\Microsoft SQL Server
2009-03-09 21:41 . 2009-03-09 21:41 d-------- c:\program files\Microsoft SQL Server Compact Edition
2009-03-09 21:32 . 2009-03-10 20:14 d-------- c:\program files\Microsoft.NET
2009-03-09 21:32 . 2009-03-09 21:32 d-------- c:\program files\Microsoft Web Designer Tools
2009-03-09 21:32 . 2009-03-11 15:09 d-------- c:\program files\Microsoft Visual Studio 9.0
2009-03-09 21:29 . 2006-06-29 13:07 14,048 --------- c:\windows\system32\spmsg2.dll
2009-03-09 12:51 . 2009-02-12 05:54 37,183 --a------ C:\addmember.php
2009-03-05 17:51 . 2009-03-05 17:51 d-------- c:\program files\Real
2009-03-05 17:51 . 2009-03-05 17:51 d-------- c:\program files\Common Files\xing shared
2009-03-05 17:51 . 2009-03-05 17:51 d-------- c:\program files\Common Files\Real
2009-03-05 13:51 . 2009-03-05 13:51 84,992 -ra-s---- c:\windows\system32\rmtrx.dll
2009-03-04 12:15 . 2009-03-11 13:57 d--h----- C:\$AVG8.VAULT$
2009-03-03 19:40 . 2009-03-03 19:40 d-------- c:\program files\ESET
2009-03-03 19:40 . 2009-03-03 19:40 d-------- c:\documents and settings\All Users\Application Data\ESET
2009-03-03 19:18 . 2009-03-03 19:18 d-------- c:\windows\system32\drivers\Avg
2009-03-03 19:18 . 2009-03-03 19:18 d-------- c:\program files\AVG
2009-03-03 19:18 . 2009-03-03 19:25 d-------- c:\documents and settings\comp3\Application Data\AVGTOOLBAR
2009-03-03 19:18 . 2009-03-03 19:18 d-------- c:\documents and settings\All Users\Application Data\avg8
2009-03-03 19:18 . 2009-03-03 19:18 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-03-03 19:18 . 2009-03-03 19:18 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-03-03 18:41 . 2009-03-03 19:18 d-------- c:\documents and settings\Administrator
2009-03-03 18:12 . 2009-03-03 19:18 d-------- c:\documents and settings\Guest
2009-02-28 11:46 . 2009-02-28 11:47 d-------- c:\program files\Sizer
2009-02-26 19:22 . 2009-02-27 12:14 d-------- c:\documents and settings\comp3\Application Data\dvdcss
2009-02-26 12:42 . 2009-02-26 12:42 d-------- c:\program files\Apple Software Update
2009-02-26 12:42 . 2009-02-26 12:42 d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2009-02-21 16:39 . 2009-02-21 16:41 d-------- c:\documents and settings\comp3\Application Data\Ahead
2009-02-21 16:39 . 2009-02-21 19:58 69 --a------ c:\windows\NeroDigital.ini
2009-02-21 16:38 . 2009-02-21 16:38 d-------- c:\documents and settings\All Users\Application Data\Ahead
2009-02-20 18:24 . 2009-03-10 20:40 d-------- c:\program files\Google
2009-02-20 13:23 . 2009-02-20 13:23 d-------- c:\program files\Flash Movie Player
2009-02-19 19:20 . 2009-03-11 17:29 57,992 --ah----- c:\windows\system32\mlfcache.dat
2009-02-17 13:55 . 2009-02-17 13:55 d-------- c:\documents and settings\comp3\Application Data\Media Player Classic
2009-02-14 17:23 . 2009-02-26 12:43 d-------- c:\documents and settings\comp3\Application Data\Apple Computer
2009-02-13 20:33 . 2009-02-16 20:13 d-------- c:\documents and settings\comp3\Application Data\Xilisoft Corporation
2009-02-13 16:42 . 2009-02-13 16:43 d-------- c:\documents and settings\comp3\Application Data\vlc
2009-02-13 12:52 . 2009-02-13 12:52 d-------- c:\program files\YouTube Downloader
2009-02-13 10:40 . 2009-03-12 12:10 d-------- C:\My Web Sites
2009-02-13 10:39 . 2009-02-13 10:39 d-------- c:\program files\WinHTTrack
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-12 14:47 --------- d-----w c:\program files\Mozilla Firefox 3 Beta 2
2009-03-12 11:44 --------- d-----w c:\documents and settings\comp3\Application Data\uTorrent
2009-03-11 10:03 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-11 07:46 --------- d-----w c:\program files\Microsoft Works
2009-02-26 07:13 --------- d-----w c:\program files\Safari
2009-02-20 08:01 --------- d-----w c:\program files\Macromedia
2009-02-20 08:01 --------- d-----w c:\program files\Common Files\Macromedia
2009-02-11 12:59 --------- d-----w c:\program files\uTorrent
2009-02-10 06:17 --------- d-----w c:\documents and settings\All Users\Application Data\Macrovision
2009-02-10 06:11 --------- d-----w c:\program files\Common Files\Adobe
2009-02-10 06:06 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-10 06:06 --------- d-----w c:\program files\Common Files\Macromedia Shared
2009-02-09 13:26 --------- d-----w c:\program files\VideoLAN
2009-02-09 08:25 --------- d-----w c:\documents and settings\All Users\Application Data\Adobe Systems
2009-02-09 06:04 --------- d-----w c:\program files\GlobalSCAPE
2009-02-09 06:04 --------- d-----w c:\documents and settings\comp3\Application Data\GlobalSCAPE
2009-02-09 06:04 --------- d-----w c:\documents and settings\All Users\Application Data\GlobalSCAPE
2009-02-09 05:18 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-09 05:17 --------- d-----w c:\program files\Opera
2009-02-09 05:17 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2009-02-08 06:58 --------- d-----w c:\program files\Common Files\Adobe Systems Shared
2009-02-05 07:46 --------- d-----w c:\documents and settings\comp3\Application Data\InterTrust
2009-02-05 07:41 315,392 ----a-w c:\windows\HideWin.exe
2009-02-05 07:41 --------- d-----w c:\program files\Realtek
2009-02-05 07:38 --------- d-----w c:\documents and settings\comp3\Application Data\InstallShield
2009-02-05 07:34 --------- d-----w c:\program files\Intel
2009-02-05 07:28 --------- d-----w c:\program files\microsoft frontpage
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Google Update"="c:\documents and settings\comp3\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-02-10 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-07-11 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-07-11 155648]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-07-11 131072]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-03 1234712]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-06 81000]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-11 c:\windows\RTHDCPL.exe]
c:\documents and settings\comp3\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
Sizer.lnk - c:\program files\Sizer\sizer.exe [2002-12-08 18944]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-02-05 106560]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-01-02 02:52 3739648 c:\program files\Google\Google Talk\googletalk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Documents and Settings\\comp3\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\comp3\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56795:TCP"= 56795:TCP:BuildIntel SystemSpeech
"25551:TCP"= 25551:TCP:BuildIntel PackagesGames
"47906:TCP"= 47906:TCP:BuildIntel Microsofttwain
"14747:UDP"= 14747:UDP:BuildIntel OptionsOptions
"12180:TCP"= 12180:TCP:BuildIntel MakerVideo
"35691:UDP"= 35691:UDP:BuildIntel Documentswinsxs
"30545:UDP"= 30545:UDP:BuildIntel OfficeDownloaded
"15919:UDP"= 15919:UDP:BuildIntel Documentsinf
R1 aswsp;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-03-12 114768]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-03 97928]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2007-12-21 30728]
R2 aswfsblk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-03-12 20560]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-03 231704]
R2 MsDtsServer;SQL Server Integration Services;c:\program files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [2005-10-14 199384]
R2 msftesql$MASTER;SQL Server FullText Search (MASTER);c:\program files\Microsoft SQL Server\MSSQL.5\MSSQL\Binn\msftesql.exe [2006-02-14 92880]
R2 msftesql$MYMATE;SQL Server FullText Search (MYMATE);c:\program files\Microsoft SQL Server\MSSQL.4\MSSQL\Binn\msftesql.exe [2006-02-14 92880]
R2 msftesql$SQLEXPRESS_MAS;SQL Server FullText Search (SQLEXPRESS_MAS);c:\program files\Microsoft SQL Server\MSSQL.3\MSSQL\Binn\msftesql.exe [2006-02-14 92880]
R2 MSSQL$MASTER;SQL Server (MASTER);c:\program files\Microsoft SQL Server\MSSQL.5\MSSQL\Binn\sqlservr.exe [2006-04-14 28933976]
R2 MSSQL$MYMATE;SQL Server (MYMATE);c:\program files\Microsoft SQL Server\MSSQL.4\MSSQL\Binn\sqlservr.exe [2006-04-14 28933976]
R2 MSSQL$SQLEXPRESS_MAS;SQL Server (SQLEXPRESS_MAS);c:\program files\Microsoft SQL Server\MSSQL.3\MSSQL\Binn\sqlservr.exe [2006-04-14 28933976]
R3 slnt;Silan SC92031 PCI Fast Ethernet Adapter;c:\windows\system32\drivers\slnt.sys [2009-02-09 18004]
S2 jfmyihpecs;jfmyihpecs;c:\windows\System32\svchost.exe -k netsvcs [2004-08-04 14336]
S2 ReportServer$SQLEXPRESS;SQL Server Reporting Services (SQLEXPRESS); [x]
S2 ReportServer;SQL Server Reporting Services (MSSQLSERVER); [x]
S2 W32mon;Config Time;c:\windows\system32\svchost.exe -k netsvcs [2004-08-04 14336]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
W32mon
Jnfoe
oafkez
ayxisuhag
JfmyIhpecs
.
Contents of the 'Scheduled Tasks' folder
2009-03-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-261903793-725345543-1003.job
- c:\documents and settings\comp3\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-10 15:19]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-TkBellExe - realsched.exe
MSConfigStartUp-Email Protection - c:\progra~1\QUICKH~1\QUICKH~1\EMLPROUI.EXE
MSConfigStartUp-Messenger - c:\progra~1\QUICKH~1\QUICKH~1\SCANMSG.EXE
MSConfigStartUp-On-Line Protection - c:\progra~1\QUICKH~1\QUICKH~1\cateye.exe
MSConfigStartUp-ResumeQuickupDownload - c:\progra~1\QUICKH~1\QUICKH~1\acappaa.exe
MSConfigStartUp-Startup Scan - c:\progra~1\QUICKH~1\QUICKH~1\Sensor.EXE
MSConfigStartUp-Update Scheduler - c:\progra~1\QUICKH~1\QUICKH~1\UPSCHD.EXE
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bleepingcomputer.com/combofix/how-to-use-combofix
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {22BCDE5B-6F85-4EE9-8A86-DA3C2A943747} = 198.168.0.1
TCP: {7E698D0B-D550-4676-A421-B6F2526946C4} = 202.138.96.2,202.138.103.100
FF - ProfilePath - c:\documents and settings\comp3\Application Data\Mozilla\Firefox\Profiles\6blig0c1.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\comp3\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\comp3\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Opera\program\plugins\nppdf32.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-12 20:50:31
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\msftesql$MASTER]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.5\MSSQL\Binn\msftesql.exe\" -s:MSSQL.5 -f:MASTER"
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\msftesql$MYMATE]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.4\MSSQL\Binn\msftesql.exe\" -s:MSSQL.4 -f:MYMATE"
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\msftesql$SQLEXPRESS_MAS]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.3\MSSQL\Binn\msftesql.exe\" -s:MSSQL.3 -f:SQLEXPRESS_MAS"
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\2262f094]
"ImagePath"="\SystemRoot\System32\drivers\2262f094.sys"
--
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\W32mon]
"ServiceDll"="c:\windows\system32\rmtrx.dll"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\documents and settings\comp3\temp\TeamViewer\Version4\TeamViewer.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2009-03-12 20:56:34 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-12 15:26:30
Pre-Run: 19,773,566,976 bytes free
Post-Run: 19,594,235,904 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6
289
Problem was successfully solved. Ticket was closed.